<?php
    /* Fingon 2011.07 */
    require_once('global.php');
    require_once('/code/Include/db_mysql.php');
    
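    /**
     * Login, logout and password handling for the /admin/ area.
     *
     * NOTE(review): the login state is carried entirely by the `admin` cookie,
     * whose value is the plain username (see isLogin() and login()). Nothing
     * in this class binds that value to a server-side session or verifies its
     * integrity, so the browser decides who is logged in. Move the state into
     * a server-side session (or an integrity-protected token) and regenerate
     * it on login; that change also touches every page that reads the cookie,
     * so it is flagged here rather than made in place.
     */
    class Admin
    {
        /** Username of the current administrator; set by isLogin() or login(). */
        public $username='';
        const LOGIN_URL='/admin/login.php';
        const INDEX_URL='/admin/';
        // Fixed suffix appended to every password before hashing (see get_md5()).
        const PWD_APPEND='lzw';

        /**
         * Render a value as a single-quoted SQL string literal.
         *
         * Every query in this class is assembled by concatenation, so each
         * caller-supplied value goes through here before it reaches the SQL
         * text. Values without quotes, backslashes or NUL bytes produce exactly
         * the SQL the class produced before.
         *
         * NOTE(review): addslashes() is not aware of the connection character
         * set or the server's SQL mode. It is the only escaping available
         * without a connection handle; replace it with bound parameters or the
         * driver's own escaping as soon as the DB wrapper exposes one.
         *
         * @param mixed $value Value to embed; cast to string first.
         * @return string Quoted literal, including the surrounding quotes.
         */
        private function sqlString($value){
            return '\''.addslashes((string)$value).'\'';
        }

        /**
         * Report whether the request carries a usable `admin` cookie and, if
         * so, copy its value into $this->username.
         *
         * The cookie must be a non-empty string; an array-shaped cookie
         * (admin[]=...) is treated as "not logged in" so it never reaches
         * string concatenation further down.
         *
         * NOTE(review): presence of the cookie is the whole check; see the
         * class-level note.
         *
         * @return bool
         */
        private function isLogin(){
            if(!isset($_COOKIE['admin']) || !is_string($_COOKIE['admin']) || $_COOKIE['admin']===''){
                return false;
            }
            $this->username=$_COOKIE['admin'];
            return true;
        }

        /**
         * Enforce the login requirement of the calling page.
         *
         * - Logged in but the page is for anonymous visitors ($needLogin false):
         *   a redirect header to INDEX_URL is set; execution is not stopped and
         *   the username is still returned.
         * - Not logged in but the page needs a login ($needLogin true): the
         *   browser is sent to LOGIN_URL and the script exits.
         *
         * NOTE(review): the returned username comes straight from the cookie;
         * callers must escape it for whatever context they print or query it in.
         *
         * @param bool $needLogin Whether the calling page requires a login.
         * @return string Current username, '' when nobody is logged in.
         */
        public function loginCheck($needLogin){
            $isLogin=$this->isLogin();
            if($isLogin xor $needLogin){
                if($isLogin){
                    header('Location:'.self::INDEX_URL);
                }
                else {
                    // Script redirects instead of a Location header: the first
                    // one moves the parent window when the page sits in a frame.
                    echo "<script>window.parent.location='".self::LOGIN_URL."?msg=您还没有登录'</script>";
                    echo "<script>location='".self::LOGIN_URL."?msg=您还没有登录'</script>";
                    exit;
                }
            }
            return $this->username;
        }

        /**
         * Check the credentials, record the login and set the `admin` cookie.
         *
         * On unknown credentials or an inactive account the browser is
         * redirected to LOGIN_URL with a message and the script exits.
         *
         * @param string $admin Username as submitted.
         * @param string $pwd   Plain-text password as submitted.
         * @return bool true after a successful login (failures exit instead).
         */
        public function login($admin,$pwd){
            $db=new DB();
            // The username is untrusted; quote it once and reuse the literal.
            $name=$this->sqlString($admin);
            // get_md5() returns hex digits only, so the hash needs no escaping.
            $sql='select * from admin where username='.$name.' and password=\''.$this->get_md5($pwd).'\'';
            $rs=$db->get_one($sql);
            if(empty($rs)){
                header('Location:'.self::LOGIN_URL.'?msg=用户名或密码错误');
                exit;
            }
            if($rs['is_active']!=1){
                header('Location:'.self::LOGIN_URL.'?msg=用户被禁止');
                exit;
            }
            $sql='update admin set login_count=login_count+1, last_login=modify_time where username='.$name;
            $db->update($sql);
            $this->username=$admin;
            // NOTE(review): the cookie carries the bare username and is set
            // without the HttpOnly/Secure flags; see the class-level note.
            setcookie('admin',$admin,0,'/admin/');
            header('Location:'.self::INDEX_URL);
            return true;
        }

        /**
         * Count the admin rows matching a username/password pair.
         *
         * @param string $admin Username.
         * @param string $pwd   Plain-text password.
         * @return mixed The `result` column of the count query; 0 when the
         *               query returned no row.
         */
        public function pwdCheck($admin, $pwd){
            $db=new DB();
            $sql='select count(*) as result from admin where username='.$this->sqlString($admin).' and password=\''.$this->get_md5($pwd).'\'';
            $rs=$db->get_one($sql);
            return empty($rs) ? 0 : $rs['result'];
        }

        /**
         * Clear the `admin` cookie, redirect to the login page and exit.
         */
        public function logout(){
            setcookie('admin',false,0,'/admin/');
            header('Location:'.self::LOGIN_URL.'?msg=您已经安全注销。');
            exit;
        }

        /**
         * Hash a password the way the `admin.password` column stores it:
         * MD5 over the password followed by a fixed suffix.
         *
         * NOTE(review): MD5 with one shared suffix is fast to brute-force and
         * gives equal passwords equal hashes. Moving to password_hash() /
         * password_verify() changes the stored format, so it needs a re-hash
         * at next successful login; it is left unchanged here on purpose.
         *
         * @param string $str    Plain-text password.
         * @param string $append Suffix, PWD_APPEND by default.
         * @return string 32-character hex digest.
         */
        private function get_md5($str, $append=self::PWD_APPEND){
            return md5($str.$append);
        }

        /**
         * Fetch the admin row for a username.
         *
         * @param string $username Username; may originate from the cookie, so
         *                         it is quoted like any other untrusted value.
         * @return mixed Whatever DB::get_one() returns for the query.
         */
        public function getUserInfo($username){
            $db=new DB();
            $sql='select * from admin where username='.$this->sqlString($username);
            return $db->get_one($sql);
        }

        /**
         * Change a password, but only when the old password matches.
         *
         * @param string $admin  Username.
         * @param string $pwd    New plain-text password.
         * @param string $oldPwd Current plain-text password.
         * @return mixed DB::affected_rows() after the update.
         */
        public function editPwd($admin, $pwd, $oldPwd){
            $db=new DB();
            $sql='update admin set `password`=\''.$this->get_md5($pwd).'\' where username='.$this->sqlString($admin).' and `password`=\''.$this->get_md5($oldPwd).'\'';
            $db->update($sql);
            return $db->affected_rows();
        }
    }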
?>